Difference between revisions of "Tips for banning users"

From Online Manual

Jump to: navigation, search
m (Tidying up use of language)
m
Line 1: Line 1:
 
Proper usage of SMF's system for banning users can make bans work fairly well. A number of tips advising administrators how to implement effective bans are listed below:
 
Proper usage of SMF's system for banning users can make bans work fairly well. A number of tips advising administrators how to implement effective bans are listed below:
  
# Avoid creating an entire ban group for a single ban. This mod is very useful to add new bans to an existing group [[https://custom.simplemachines.org/mods/index.php?mod=2265]]
+
# Avoid creating an entire ban group for a single ban. This mod is very useful to add new bans to an existing group [https://custom.simplemachines.org/mods/index.php?mod=2265]
 
# Avoid banning based on host name. This is a slow process because it involves carrying out a reverse lookup on the IP, which takes time. For this process, just as is the case with banning by IP, the ban query must be run on every page load that a user generates when visiting the site.
 
# Avoid banning based on host name. This is a slow process because it involves carrying out a reverse lookup on the IP, which takes time. For this process, just as is the case with banning by IP, the ban query must be run on every page load that a user generates when visiting the site.
 
# Avoid banning on IP, if possible. IP based bans are ineffective, especially when banning IPv6 addresses, because ISPs allow for a wide range of IPs that can change dynamically or be changed manually. As a result, banning a single IPv6 address is pointless. In addition, owing to Carrier Grade NAT (GCNAT), as well as some countries having few IPs, banning by IP may result in banning a large number of legitimate users because there could be many of these users behind that sole IP address. Banning by IP should, therefore, only be used as a last resort.
 
# Avoid banning on IP, if possible. IP based bans are ineffective, especially when banning IPv6 addresses, because ISPs allow for a wide range of IPs that can change dynamically or be changed manually. As a result, banning a single IPv6 address is pointless. In addition, owing to Carrier Grade NAT (GCNAT), as well as some countries having few IPs, banning by IP may result in banning a large number of legitimate users because there could be many of these users behind that sole IP address. Banning by IP should, therefore, only be used as a last resort.

Revision as of 12:52, 9 August 2018

Proper usage of SMF's system for banning users can make bans work fairly well. A number of tips advising administrators how to implement effective bans are listed below:

  1. Avoid creating an entire ban group for a single ban. This mod is very useful to add new bans to an existing group [1]
  2. Avoid banning based on host name. This is a slow process because it involves carrying out a reverse lookup on the IP, which takes time. For this process, just as is the case with banning by IP, the ban query must be run on every page load that a user generates when visiting the site.
  3. Avoid banning on IP, if possible. IP based bans are ineffective, especially when banning IPv6 addresses, because ISPs allow for a wide range of IPs that can change dynamically or be changed manually. As a result, banning a single IPv6 address is pointless. In addition, owing to Carrier Grade NAT (GCNAT), as well as some countries having few IPs, banning by IP may result in banning a large number of legitimate users because there could be many of these users behind that sole IP address. Banning by IP should, therefore, only be used as a last resort.
  4. If the account which is to be banned is a spammer or one which will be deleted, ensure that the ban is not triggered on the user account because the account will have been deleted. Instead, set the trigger to be on the email address and set the restriction to be 'Partial: Cannot register'. This means that the ban list is only queried when the user attempts to register or attempts to change the email address (if the account was not deleted). If a ban restriction is set to 'Partial: Cannot login' or 'Partial: Cannot post' then the ban list only has to be checked if the user attempts to login or post and it is not queried on every page load.
  5. If the account belongs to a registered member, simply ban their account. This is fast for SMF to process. If this user is getting around the ban, take alternative measures at that time, rather than taking possibly unnecessary and preemptive actions in advance.

Hopefully, these tips are helpful for administrators. Please ask on the forum if further advice is required.